Home / bulletins MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.5
Posted on 22 May 2012
There is an newer version: MS11-100 - Version: 1.6
CriticalSeverity Rating: Critical
Revision Note: V1.5 (May 22, 2012): Added entry to the update FAQ to announce a detection change for KB2656352 for Microsoft .NET Framework 2.0 Service Pack 2 to correct an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.Other versions
- MS11-100 - Version: 1.0
- MS11-100 - Version: 1.1
- MS11-100 - Version: 1.2
- MS11-100 - Version: 1.3
- MS11-100 - Version: 1.4
- MS11-100 - Version: 1.5
- MS11-100 - Version: 1.6
